Applications developed for intelligent devices (e.g., smart phones, smart televisions, tablets, and the like) emerge one after another. Often, these applications are capable of obtaining user information (for example, contacts stored in an address book, a geographical location of the device as determined by a global positioning system (GPS), etc.) by invoking an API (sometimes called an “API call”) provided by an operating system. However, it is not always apparent to users of such devices what sorts of information is being accessed and obtained. In some circumstances, malicious applications may also perform unwanted actions through APIs, for example, by thieving information of a contact person, surreptitiously reading the geographical location of the device, monitoring phone calls made by the user, or silently installing/uninstalling applications. Such actions violate the privacy of the user.
In conventional methods of controlling invocation of an API by an application, the user is informed of an invoking permission of an application when the application is installed. Specifically, an invoking permission list of the application is sometimes listed in an installation interface of the application, and the user is asked to agree to the terms of use of the application, including the listed invoking permissions. If the user agrees with the terms of use, the application is installed. If the user does not agree with terms of use, installation of the application is canceled.
Thus, there is no middle ground that allows the user to use the application but with limited permission to invoke certain APIs. Furthermore, it is difficult for the user to identify whether an invoking permission in an invoking permission list is necessary for an application, and most users neglect presentation of the invoking permission list when an application is installed and directly agree to install the application, which leads to the application maliciously obtaining user information. As a result, the security of the device is reduced, and the user experience is affected.